FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4624

This CVE name corresponds to:

Entered: 2006-09-04
Topic: mailman -- Multiple Vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-4624
Phase: Assigned (20060907)

Description

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

References

Source: Reference
BUGTRAQ: 20060913 Mailman 2.1.8 Multiple Security Issues
MLIST: [Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9
MISC: http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859&r2=7923
MISC: http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt
CONFIRM: http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295
DEBIAN: DSA-1188
GENTOO: GLSA-200609-12
MANDRIVA: MDKSA-2006:165
REDHAT: RHSA-2007:0779
SUSE: SUSE-SR:2006:025
BID: 19831
BID: 20021
OVAL: oval:org.mitre.oval:def:9756
VUPEN: ADV-2006-3446
SECUNIA: 21732
SECUNIA: 22011
SECUNIA: 22020
SECUNIA: 22227
SECUNIA: 22639
SECUNIA: 27669
XF: mailman-admin-spoofing(28734)